Adapt to new fake-ipa and sushy-tools

Signed-off-by: Huy Mai <huy.mai@est.tech>

Support/Multitenancy/Multiple-Ironic-conductors/.gitignore

@@ -22,3 +22,4 @@ ironic/ironic-auth-config
 ironic/ironic-htpasswd
 ironic/ironic-inspector-auth-config
 ironic/ironic-inspector-htpasswd
+cert/*

Support/Multitenancy/Multiple-Ironic-conductors/Init-environment-v3.sh

@@ -7,14 +7,15 @@ __dir__=$(realpath "$(dirname "$0")")
 # This is temporarily required since https://review.opendev.org/c/openstack/sushy-tools/+/875366 has not been merged.
 ./start_image_server.sh
 ./build-sushy-tools-image.sh
-./build-fake-ipa.sh
+./build-fake-ipa.sh -f
 ./dev-setup.sh
 ./build-api-server-container-image.sh
 ./generate_unique_nodes.sh
-./start_containers.sh
+./handle-images.sh
 
 ./install-ironic.sh
 ./install-bmo.sh
+./start_containers.sh
 
 python create_nodes_v3.py
 

Support/Multitenancy/Multiple-Ironic-conductors/build-fake-ipa.sh

@@ -5,7 +5,7 @@
 docker rmi "${IMAGE_NAME}"
 IMAGE_NAME="127.0.0.1:5000/localimages/fake-ipa"
 if [[ ${1:-""} == "-f" ]]; then
-    rm -rf "${FAKEIPA_DIR}"
+    # rm -rf "${FAKEIPA_DIR}"
     docker rmi "${IMAGE_NAME}"
 fi
 

Support/Multitenancy/Multiple-Ironic-conductors/clean.sh

@@ -45,3 +45,5 @@ done
 rm -rf bmc-*.yaml
 
 rm -rf macaddrs uuids node.json nodes.json batch.json in-memory-development.yaml sushy-tools-conf
+
+rm -rf cert

Support/Multitenancy/Multiple-Ironic-conductors/dev-setup.sh

@@ -37,7 +37,7 @@ curl -O https://raw.githubusercontent.com/metal3-io/baremetal-operator/main/iron
 envsubst < "${REPO_ROOT}/ironic-auth-config-tpl" > \
   "${IRONIC_OVERLAY}/ironic-auth-config"
 
-echo "IRONIC_HTPASSWD=$(htpasswd -n -b -B "${IRONIC_USERNAME}" "${IRONIC_PASSWORD}")" > \
+echo "$(htpasswd -n -b -B "${IRONIC_USERNAME}" "${IRONIC_PASSWORD}")" > \
   "${IRONIC_OVERLAY}/ironic-htpasswd"
 
 if [[ $(which firewall-cmd) == "" ]]; then

Support/Multitenancy/Multiple-Ironic-conductors/generate_unique_nodes.sh

@@ -31,6 +31,7 @@ for i in $(seq 1 "${N_NODES:-100}"); do
       "uuid": $uuid,
       "name": $node_name,
       "power_state": "Off",
+      "external_notifier": "True",
       "nics": [
 	{"mac": $macaddr, "ip": "192.168.0.100"}
       ]

Support/Multitenancy/Multiple-Ironic-conductors/handle-images.sh

@@ -3,7 +3,7 @@
 N_NODES=${N_NODES:-1000}
 IMAGE_NAMES=(
 # For now, sushy-tools needs to be compiled locally with https://review.opendev.org/c/openstack/sushy-tools/+/875366
-    # "quay.io/metal3-io/sushy-tools"
+    "quay.io/metal3-io/sushy-tools"
     "quay.io/metal3-io/ironic-ipa-downloader"
     "quay.io/metal3-io/ironic:latest"
     "quay.io/metal3-io/ironic-client"
@@ -12,34 +12,9 @@ IMAGE_NAMES=(
     "quay.io/metal3-io/api-server:latest"
 )
 
-REGISTRY_PORT="5000"
-# Pull images, tag to local registry, and push to registry
-for NAME in "${IMAGE_NAMES[@]}"; do
-    # Pull and tag the image
-    if [[ $(docker images | grep ${IMAGE_NAME}) == "" ]]; then
-        docker pull "$NAME"
+for image in "${IMAGE_NAMES[@]}"; do
+    if [[ ! $(docker images | grep ${image}) != "" ]]; then
+        docker pull ${image}
     fi
-    LOCAL_IMAGE_NAME="127.0.0.1:${REGISTRY_PORT}/localimages/${NAME##*/}"
-    docker tag "$NAME" "${LOCAL_IMAGE_NAME}"
-    # Push the image to the local registry
-    docker push "${LOCAL_IMAGE_NAME}"
-    minikube image load "${LOCAL_IMAGE_NAME}"
+    minikube image load "${image}"
 done
-
-api_server_image="quay.io/metal3-io/api-server:latest"
-if [[ $(docker images | grep ${IMAGE_NAME}) != "" ]]; then
-    minikube image load "${IMAGE_NAME}"
-fi
-
-__dir__=$(realpath "$(dirname "$0")")
-sudo "$__dir__/ironic_tls_setup.sh"
-
-IRONIC_IMAGE="127.0.0.1:5000/localimages/ironic:latest"
-# Run httpd container
-docker run -d --net host --name httpd-infra \
-    --pod infra-pod \
-    -v "${__dir__}/opt/metal3-dev-env/ironic":/shared \
-    -e PROVISIONING_INTERFACE=provisioning \
-    -e LISTEN_ALL_INTERFACES=false \
-    --entrypoint /bin/runhttpd \
-    "$IRONIC_IMAGE"

Support/Multitenancy/Multiple-Ironic-conductors/install-ironic.sh

@@ -26,7 +26,7 @@ kubectl -n cert-manager wait --for=condition=available deployment/cert-manager-w
 kubectl -n cert-manager wait --for=condition=available deployment/cert-manager-cainjector --timeout=500s
 kubectl -n cert-manager wait --for=condition=available deployment/cert-manager --timeout=500s
 
-if [[ ! -f ~/.ssh/id_rsa.pub ]]; then
+if [[ ! -f ~/.ssh/id_ed25519.pub ]]; then
   ssh-keygen -t ed25519
 fi
 
@@ -59,3 +59,7 @@ helm install ironic ironic --set sshKey="$(cat ~/.ssh/id_rsa.pub)" \
   --set secrets.ironicAuthConfig="$(cat ironic/ironic-auth-config)" \
   --set secrets.ironicHtpasswd="$(cat ironic/ironic-htpasswd)" \
   --wait --timeout 20m --create-namespace
+
+mkdir cert
+
+kubectl get secret -n baremetal-operator-system ironic-cert -o json -o=jsonpath="{.data.ca\.crt}" | base64 -d > cert/ironic-ca.crt

Support/Multitenancy/Multiple-Ironic-conductors/nodes_template.json

@@ -2,6 +2,7 @@
 	"uuid": "foo-uuid",
 	"name": "foo-name",
 	"power_state": "Off",
+	"external_notifier": "True",
 	"nics": [
 		{"mac": "foo-address", "ip": "172.0.0.100"}
 	]

Support/Multitenancy/Multiple-Ironic-conductors/start_containers.sh

@@ -42,11 +42,13 @@ SUSHY_EMULATOR_VMEDIA_VERIFY_SSL = False
 SUSHY_EMULATOR_AUTH_FILE = "/root/sushy/htpasswd"
 SUSHY_EMULATOR_FAKE_DRIVER = True
 SUSHY_EMULATOR_LISTEN_PORT = $(( 8000 + i ))
+EXTERNAL_NOTIFICATION_URL = "http://${ADVERTISE_HOST}:${fake_ipa_port}"
 FAKE_IPA_API_URL = "${API_URL}"
 FAKE_IPA_URL = "http://${ADVERTISE_HOST}:${fake_ipa_port}"
 FAKE_IPA_INSPECTION_CALLBACK_URL = "${CALLBACK_URL}"
 FAKE_IPA_ADVERTISE_ADDRESS_IP = "${ADVERTISE_HOST}"
 FAKE_IPA_ADVERTISE_ADDRESS_PORT = "${fake_ipa_port}"
+FAKE_IPA_CAFILE = "/root/cert/ironic-ca.crt"
 SUSHY_FAKE_IPA_LISTEN_IP = "${ADVERTISE_HOST}"
 SUSHY_FAKE_IPA_LISTEN_PORT = "${fake_ipa_port}"
 SUSHY_EMULATOR_FAKE_IPA = True
@@ -65,6 +67,7 @@ for i in $(seq 1 ${N_FAKE_IPA:-1}); do
 docker run \
     -d --net host --name fake-ipa-${i} \
     -v "$SUSHY_CONF_DIR/sushy-${i}":/app \
+    -v "$(realpath cert)":/root/cert \
     "${FAKEIPA_IMAGE}"
 done